Thank you for the advice, you are absolutely right. "I kept hacking at it until it started working."
I tried to draw a map of the network. Hopefully it will be of some use. Could you at least point me to where I should start fixing the Mikrotik configuration? Thank you for your time.
The firewall listing is:
add action=accept chain=input comment="OpenVPN port allowed" disabled=no dst-port=1194 protocol=tcp
add action=accept chain=input comment="Allow PPTP connections" disabled=no dst-port=47 protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input comment="Allow administration via browser (unencrypted)" disabled=no dst-port=80 protocol=tcp
add action=drop chain=input comment="Protection against ssh brute forcers (allows logging in 3x per minute, then a BAN for 30 days)\
\nSource: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_%28FTP_%26_SSH" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=4w2d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
add action=accept chain=input comment="SSH allowed from the internet" disabled=no dst-port=22 protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1-gateway
add action=accept chain=forward comment="default configuration" connection-state=established disabled=no
add action=accept chain=forward comment="default configuration" connection-state=related disabled=no
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=no
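
How the staged ssh_stage1 to ssh_blacklist rules in the listing above treat successive new SSH connections from one source address, as an added Python model that is not part of the original post. It assumes that add-src-to-address-list does not stop rule processing and that re-adding an address restarts its timeout; the function and variable names are made up for this illustration.

```python
# Added illustration: models the dst-port=22 rules from the listing above.
# Assumptions (not stated in the post): add-src-to-address-list does not stop
# rule processing, and re-adding an address restarts its timeout.

MINUTE = 60
BAN = 30 * 24 * 3600  # address-list-timeout=4w2d

# (list that must already contain the source, list it is added to, timeout),
# in the same top-to-bottom order as the exported rules.
STAGE_RULES = [
    ("ssh_stage3", "ssh_blacklist", BAN),
    ("ssh_stage2", "ssh_stage3", MINUTE),
    ("ssh_stage1", "ssh_stage2", MINUTE),
    (None, "ssh_stage1", MINUTE),
]


def simulate(connection_times):
    """Return 'accept' or 'drop' for each new SSH connection from one source.

    connection_times: seconds at which the source opens a new TCP connection.
    """
    expiry = {}  # address-list name -> time at which the source's entry expires
    verdicts = []

    def listed(name, now):
        return expiry.get(name, -1) > now

    for now in sorted(connection_times):
        # First rule: drop anything from a source already on ssh_blacklist.
        if listed("ssh_blacklist", now):
            verdicts.append("drop")
            continue
        # Stage rules: each one is checked in order against the lists as they
        # stand at that moment, so a source moves up one stage per connection.
        for required, target, timeout in STAGE_RULES:
            if required is None or listed(required, now):
                expiry[target] = now + timeout
        # Last rule for port 22: accept.
        verdicts.append("accept")
    return verdicts
```

`simulate([0, 10, 20, 30, 40])` returns four accepts followed by one drop: the connection that creates the blacklist entry is itself still accepted, because the drop rule is evaluated before the entry is added.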